Previous 1 2 Next 23 Replies Latest reply: Jan 9, 2012 7:11 AM by ctlow
ctlow Level 1 Level 1 (0 points)

Can't find exactly this: I'm running Windows Vista through Fusion on my home iMac about 2 years old, 4 GB RAM, Snow Leopard.

 

I access that iMac from my MacBook Pro, about 3 or 4 years old, 2 GB RAM, Lion, through a very cool SSH VPN tunnel.

 

It is so slow as to be unusable. The rest of my iMac doesn' whiz along either, over the tunnel, but I figure that's just the Internet connection speed. But it's manageable, whereas Windows (inside Fusion) is glacial.

 

The thing is: it used to be faster.

 

Fusion is "bridge" networked.

 

I just upgraded this morning to Fusion 4 ... hoping ... but no improvement.

 

Anything obvious I could do to speed up Fusion-over-SSH closer to the speed of the native Mac side of my iMac?

 

All my 3 OS's are as up-to-date as possible, etc.

 

Thank you.

 

Charles


MBPro, 2007 Dec. -24" iMac 2.93 GHZ, 4MB RAM, 2009 June - iPhone 3G, 8 GB RAM, 2, Mac OS X (10.6.5), Airport Extreme Base Station, USB printer, wireless printer
  • MrHoffman Level 6 Level 6 (13,020 points)

    You're working with ssh port-forwarding. 

     

    A more traditional VPN typically provides the port forwarding and IP routing automatically.  (You're not setting up the forwarding for the individual protocols with the VPN.)

     

    Your connection sequence and your testing does imply that there's a performance issue with VMware fusion, with the virtual network configuration or operation within Fusion, or within the connection to Windows Vista.   (A virtual machine guest will typically use some form of emulated network or NAT or such provided within the virtual machine, as that's how the guest operating systems can perceive themselves as being connected to the physical network.)

     

    You could also test the performance of the same network path using a telnet connection, (that's port 23, and doesn't do the port-forwarding stuff) and see if that's slow.  The telnet path is unencrypted and credentials are in cleartext.  Unlike ssh.  But it's otherwise similar; if you see a slowdown with that, it's not ssh involved.  But if ssh is slow and telnet isn't, this might be the encryption involved within the virtual machine guest; within Windows Vista.

     

    Also test with an SSH connection and a telnet connection from another system on the local LAN.  Eliminate the remote network as a suspect.  (Though your existing finding that Mac OS X connection is fast tends to exonerate the remote connection.)

     

    Talk to the VMware Fusion folks.  This looks to be a case that would best addressed by the VMware Fusion support (and potentially their enginering) folks, and whatever documentation they have on setting up the virtual network, and then with VMware support.  (There's very little involved here of Mac OS X, and you've indicated you don't have performance issues when connecting ssh into Mac OS X.  This finding would tend to exonerate Mac OS X as the central culprit.)

     

    As an alternative you could test with, a gateway-firewall device with an embedded VPN server would be a reasonable test.  See if that runs any faster, as that would move the effort of the data encryption off of the virtual machine guest.

  • ctlow Level 1 Level 1 (0 points)

    Thanks, MrHoffman.

     

    I'm "geeky" (in the good sense) but not at that level.

     

    Firstly, my SSH tunnel is just slow period. The Mac side is also slow, but useable. Something happens at the Mac-Fusion interface to make it barely usable. I often for example type in a "field" in a Windows database program I need, then go do something else, then come back to type in the next field. It can a minute almost, or it seems like.

     

    File Sharing between the client and host MACs is slow as well. Quite slow.

     

    This has been from several remote sites over the last few months: from work to home, from hotels to home. How good the work/hotel networks/Internet-connections are I do not know.

     

    Then, if a "more traditional VPN" would help, how would I do that?

     

    How would I do a telnet test?

     

    I haven't done a local LAN test yet, but will. Using Screen and File Sharing without the tunnel, just on my local home network, works very well.

     

    I posted this question also on VMWare Communities, and it has not been answered. That of course is not their formal Tech Help service. The Fusion help files themselves have not enlightened me, but again I don't completely understand them. (I do partly understand them!)

     

    What's a "gateway-firewall device with an embedded VPN server"?  Or rather, where would I be able to borrow one? Would I be able to set it up?

     

    Sorry! I should be having my "IT-People" doing this for me, except that I don't have any.

     

    Charles

  • ctlow Level 1 Level 1 (0 points)

    Thanks again, MrHoffman.

     

    I did indeed get in touch with VMWare Support, and we bashed through a few basic questions, but the upshot was that screen sharing over the Internet is variably slow (depending on connection speed), and that there is "overhead" in the physical-to-virtual machine interface which won't speed things up, and however much this is contributing to the problem is hard to know, but we're sure that it's not helping.

     

    No suggestions, in other words.

     

    (I'm dealing with this currently by moving Fusion from my desktop to my laptop.)

     

    Other observations: although internet screen sharing is manageable on the native Mac side of my desktop ("server"), some things are still very slow. If the screen saver is running, it can be a struggle to disengage it. Photo Booth is extremely slow (and I'm not sure why I tried it), for example. I don't imagine that these items will advance our understanding significantly, but there they are.

     

    Thanks again.

     

    Charles

  • etresoft Level 7 Level 7 (26,555 points)

    ctlow wrote:

     

    Can't find exactly this: I'm running Windows Vista through Fusion on my home iMac about 2 years old, 4 GB RAM, Snow Leopard.

     

    I access that iMac from my MacBook Pro, about 3 or 4 years old, 2 GB RAM, Lion, through a very cool SSH VPN tunnel.

    You could add some RAM to that machine. Other than that, there isn't much you can do. If you are doing this over the internet you are limited by whatever upload speed you have at home. Usually, that is quite slow. Screen sharing over local ethernet is pretty slow. Plus you are taking graphics code optimized to run as fast as possible in a VM environment and shoving it all over that horribly slow line. That's just a mess.

  • ctlow Level 1 Level 1 (0 points)

    Thanks, Etresoft. Much obliged. Charles

  • Camelot Level 8 Level 8 (46,315 points)

    ...was that screen sharing over the Internet is variably slow

     

    Hang on, you didn't mention screen sharing in your original post. That adds a whole new dimension (and set of delays) to the mix.

    Screen sharing requires orders of magnitude more data/bandwidth that simple text-based transfers, so any networking issue is going to be magnified.

     

    What's missing from your tests is the screen sharing speed between the Mac and the Windows VM on the same LAN - i.e. what degree of latency is added by the internet connection.

    In addition, testing the screen sharing from the Mac side of things (i.e. on the same Mac, even though you could just flip to the Fusion window) will tell if there's high latency/delay in the Mac talking to Windows via the VM. If there is then it could be a matter of tweaking the Windows' networking configuration to work better across the VM bridge - it's possible, for example, that Windows is running with an MTU that's too high for the VM bridge/NAT environment and that's causing a lot of delay in communication between Windows and the host Mac, which is only going to get amplified over the internet.

    Thankfully, for me, it's been a long time since I've had to play with Windows networking setup, but I'd expect there to be some option for tweaking the network configuration somewhere in that mess of an interface.

  • ctlow Level 1 Level 1 (0 points)

    Thanks, Camelot.

     

    So yes: screen sharing.

     

    My very distinct observation is that:

     

    1/ Screen Sharing works very well over my home LAN, accessing my iMac from my MacBook Air (currently), and this includes native Mac side as well as the Fusion Windows side. If there is a delay it is not much, and Windows through Fusion remains quite useable.

     

    2/ Screen Sharing over the Internet is noticeably slower, but still manageable on the Mac side, but not really on the Windows side. Strangely, this has changed, at some undetermined point in the past. It used to be slow, but now it is so slow that it's not worth the effort. In one database program I was use, I could type and mouse ahead by ten or more fields, and as long as I typed accurately, it would all flow normally, but would be 20 seconds behind me. That means that if I made a typo or had some other problem, everything ground to almost a halt.

     

    I looked up MTU so found the definition ("Maximum Transmission Unit"). I can't find any reference to it in the VMWare Fusion help files, and I've looked through lots of "properties" windows inside Windows and don't see the term there either - although there are about a gazillion things which one could adjust, but about which I know pretty well nothing. I looked up MTU at vmware.com, and found a "community" question about it which remains unanswered, at http://communities.vmware.com/thread/288479.

     

    The VMWare help desk says that "Bridge", which is the protocol I was using, is about as good as I can get, under these circumstances (and that I was basically just scuppered). But I tried "NAT" and "private" and it made no noticeable difference.

     

    I do now find something in the Fusion help files about an internal VNC server, but I'm not quite following all of the terminology. I rather suspect that it wouldn't help me.

     

    I'm also now finding instructions in Windows help about turning off "autotuning" and about turning on "Flow Control". I might try that.

     

    In the meantime, I've simply moved Fusion and Windows Vista to my MacBook Air, which works fine and will be with me when away from the office, but means that I need to use two computers when back at base - my iMac fof most stuff, and my Air for Windows programs. And I can live with that.

     

    Thanks again.

     

    Charles

  • etresoft Level 7 Level 7 (26,555 points)

    ctlow wrote:

     

    I do now find something in the Fusion help files about an internal VNC server, but I'm not quite following all of the terminology. I rather suspect that it wouldn't help me.

    I suspect that is exactly what you need.

  • ctlow Level 1 Level 1 (0 points)

    Thanks, etresoft.

     

    Now that I have learned some more specific search terms, I'm finding things like this:

     

    -http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display KC&externalId=1015147

    -http://communities.vmware.com/thread/111391 (scary)

    -http://communities.vmware.com/docs/DOC-1201 (scary)

    -http://pubs.vmware.com/fusion-4/index.jsp?topic=/com.vmware.fusion.help.doc/GUID -97A2E489-4390-4B9B-BC2A-E97A5CD5F90E.html

     

    Does this mean that I would need VNC software for the client computer? If so, that would have nothing to do with my carefully-arduously-constructed SSH VNC tunnel (http://www.ctlow.ca/SSH-VPN_MacOSX.html). Yes, it seems like a VNC client program would be needed.

     

    http://sourceforge.net/projects/cotvnc/

     

    I've looked at it before until I learned that I didn't need it, but now maybe I do.

     

    I have a more specific question now to ask of VMWare Support as well, and will do so.

     

    Thanks again.

     

    Charles

  • etresoft Level 7 Level 7 (26,555 points)

    I believe you can use MacOS X Screen Sharing as a VNC client. In theory, you should be able to route the VNC connection over your SSH tunnel. That would be recommended as VNC isn't known for security - rather, it isn't known for good security.

  • BobHarris Level 6 Level 6 (15,375 points)

    As etresoft says, you can use Screen Sharing as your VNC client (unless it is not a Mac you are going to and their VNC server does not play nice with your Mac :-) - if you do need a VNC client try "Chicken" as in Chicken of the VNC <http://www.macupdate.com/app/mac/36208/chicken>).

     

    As for connecting over the tunnel, you just use Finder -> Go -> Connect to server, and enter:

     

    vnc://localhost:12345

     

    Where 12345 is the local port number you specified for your ssh tunnel.

     

    I use this all the time for VNC to my Mom's 300 mile away iMac, for AFP file sharing across the internet, etc...  ssh tunnels can be very useful.

     

    Message was edited by: BobHarris

  • ctlow Level 1 Level 1 (0 points)

    Thanks, Bob (I was hoping you would show up), and thanks etresoft.

     

    To recap: I'm connecting between 2 Macs (thankfully) but also to VMWare Fusion, within my Mac, running Windows (Vista), and although the whole SSH-VNC tunnel is slow, within Fusion it has got slower and slower until it's virtually unusable.

     

    I just learned that Fusion contains in internal VNC functionality, and all I probably have to do is to turn it on ... assign a port ... and the details of how to configure that are what I'm going to play with next. (Soon. I've moved Fusion to my laptop, which is good when "away" but a bit incovenient when back at the office. So I would have a little work ahead of me to move it back and test it out.)

     

    Here's a repeated link from above about the Fusion VNC:

     

    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=display KC&externalId=1015147

     

    Here's the kind of command I'm using to establish my SSH-VNC tunnel:

     

    ssh -p 12345 -L 23456:localhost:548 -L 34567:localhost:5900 ServerAcct@soulmate.dyndns.org

     

    And that's from this page of my own:

     

    http://www.ctlow.ca/SSH-VPN_MacOSX.html

     

    with which Bob is already familiar.

     

    Could it be so simple that I add a bit to my SSH command such as : "-L 45678:localhost:5901", and that would get me directly into Fusion, and make my SSH-VNC tunnel faster?

     

    Thank you again.

  • BobHarris Level 6 Level 6 (15,375 points)

    Could it be so simple that I add a bit to my SSH command such as : "-L 45678:localhost:5901", and that would get me directly into Fusion, and make my SSH-VNC tunnel faster?

    I just gave your suggestion a try, and it seems work work just fine.  See following image from VMware Fusion (v4)VMwareFusionVNCport.jpg

     

    NOTE:  The VMware Fusion guest MUST be running before the VNC server listens on the specified port.

     

    I enabled one of my VMware Fusion guests for VNC server support, giving it 5910 as the port, plus a unique 8 character password.

     

    I then started my VMware Fusion guest.

     

    I then went to another Mac in the house, and did

     

    ssh -L 12345:localhost:5910 myMacBookPro.local
    

     

    Then I fired up Chicken

    <http://www.macupdate.com/app/mac/36208/chicken>

    and specified

     

    localhost
    5910
    unique8charPassword
    

     

    and I was viewing my VMware Fusion guest

  • ctlow Level 1 Level 1 (0 points)

    Thanks, Bob.

     

    So, this syntax worked:

     

    ssh -L 12345:localhost:5910 myUserID@my_Imac.local

     

    Note that I had to add in "myUserID@" or all sorts of dire warning messages popped up and it didn't work.

     

    So, I fired up my "proper" SSH tunnel, using a dynamic IP and the "-p" parameter which you taught me a year or two back, and:

     

    1. it worked too!;
    2. however, I had to choose between which VNC to use, either the entire Mac or just Fusion, choosing only one of 59xx; otherwise it gave me an "already in use" message.

     

    That's not too serious, although I would like to have access to Mac Mail on my server as well as directly to Fusion.

     

    Of course, at the end of all this, when I do my remote over-the-Internet testing, if Fusion is still too slow, then I may have to move it back to my laptop, involving other inconveniences when back at the office.

     

    Thanks again.

     

    Charles

Previous 1 2 Next